Hallo liebe User,

nachdem ich bei jedem Rechnerneustart und anschließendem öffnen von Firefox von meinem Sophos Antivirenprogramm gewarnt wurde, dass ich Maleware auf meinem Laptop habe, habe ich mal einen kompletten Scan laufen lassen.

Das Ergebnis ist: zwei mal Maleware, ein Trojaner und ein verdächtiges Verhalten.

Betriebssystem:
Windows 7 Professional
Service Pack 1

Zum Programm: Sophos endpoint Security and Control, Produktversion 9.5
Ergebnis:

1.)
Typ: Virus/Spyware
Name: Troj/Java-BM
Details:
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-361bfed8
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-513846c8
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-54521aca
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-7f4b6c5a
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-67f20674
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\5024297e-738e9521

2.)
Typ: Virus/Spyware
Name: Mal/JavaJar-A
Details:
C:\Users\Vincenzo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\1f605f29-5c439e68

3.)
Typ: Virus/Spyware
Name: Mal/Generic-S
Details:
C:\Users\Vincenzo\AppData\Roaming\5051\components\AcroFF051.dll
-> wurde schon öfters bereinigt. Kommt aber jedesmal nach Neustart des
Laptops und starten von Firefox wieder

4.)
Typ: Verdächtiges Verhalten
Name: HIPS/RegMod-012
Details: C:\Windows\system32\taskhost.exe

ich hoffe es kann mir jemand helfen, ohne dass ich Windows neuinstallieren muss.

Mfg
Vincenzo

Hi,

ein paar Infos mehr (welches Windows, 64 Bit etc.) wären hilfreich...

Deployment-Cache löschen:
Folge den Anweisungen auf dieser Seite
http://www.java.com/de/download/help/cache_virus.xml
und dann dem Abschnitt "Lösung"...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

TDSS-Killer
Download und Anweisung unter: Wie werden Schadprogramme der Familie Rootkit.Win32.TDSS bekämpft?
Entpacke alle Dateien in einem eigenen Verzeichnis (z. B: C:\TDSS)!
Aufruf über den Explorer duch Doppelklick auf die TDSSKiller.exe.
Nach dem Start erscheint ein Fenster, dort dann "Start Scan".
Wenn der Scan fertig ist bitte "Report" anwählen. Es öffnet sich ein Fenster, den Text abkopieren und hier posten...

chris

Ohh!! Hab ich vergessen.

Windows 7 Prof. 32bit mit Service Pack 1

Hi,

ok, Programme wo aufgeführt als "Admin" ausführen...

chris

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8286

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01.12.2011 21:08:17
mbam-log-2011-12-01 (21-08-17).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 169415
Laufzeit: 10 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Passwords) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Vincenzo\AppData\Roaming\acroiehelpe054.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\acroiehelpe053.dll (Trojan.Passwords) -> Quarantined and deleted successfully.
c:\Users\Vincenzo\AppData\Roaming\appconf32.exe (Malware.Gen) -> Quarantined and deleted successfully.

Hi,

STOP!
Kein Quickscann, FULLSCAN!
Und sofort von einem sauberen Rechner aus alle Internetpasswörter ändern!

chris

C:\Windows\system32\Macromed\Flash\NPSWF32.dll

Antivirus Version Last Update Result
AhnLab-V3 2011.12.03.00 2011.12.03 -
AntiVir 7.11.18.204 2011.12.02 -
Antiy-AVL 2.0.3.7 2011.12.03 -
Avast 6.0.1289.0 2011.12.03 -
AVG 10.0.0.1190 2011.12.03 -
BitDefender 7.2 2011.12.03 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.12.03 -
ClamAV 0.97.3.0 2011.12.03 -
Commtouch 5.3.2.6 2011.12.03 -
Comodo 10827 2011.12.03 -
DrWeb 5.0.2.03300 2011.12.03 -
Emsisoft 5.1.0.11 2011.12.03 -
eSafe 7.0.17.0 2011.12.01 -
eTrust-Vet 37.0.9600 2011.12.02 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.03 -
Fortinet 4.3.388.0 2011.12.03 -
GData 22.295/22.549 2011.12.03 -
Ikarus T3.1.1.109.0 2011.12.03 -
Jiangmin 13.0.900 2011.12.03 -
K7AntiVirus 9.119.5589 2011.12.03 -
Kaspersky 9.0.0.837 2011.12.03 -
McAfee 5.400.0.1158 2011.12.03 -
McAfee-GW-Edition 2010.1D 2011.12.03 -
Microsoft 1.7903 2011.12.03 -
NOD32 6668 2011.12.01 -
Norman 6.07.13 2011.12.03 -
nProtect 2011-12-03.01 2011.12.03 -
Panda 10.0.3.5 2011.12.03 -
PCTools 8.0.0.5 2011.12.03 -
Prevx 3.0 2011.12.03 -
Rising 23.86.04.02 2011.12.02 -
Sophos 4.71.0 2011.12.03 -
SUPERAntiSpyware 4.40.0.1006 2011.12.03 -
Symantec 20111.2.0.82 2011.12.03 -
TheHacker 6.7.0.1.352 2011.12.01 -
TrendMicro 9.500.0.1008 2011.12.03 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.03 -
VBA32 3.12.16.4 2011.12.03 -
VIPRE 11197 2011.12.03 -
ViRobot 2011.12.3.4807 2011.12.03 -
VirusBuster 14.1.97.0 2011.12.02 -
Additional information
MD5 : de3745a51b7ac7fedc356a83f76c8023
SHA1 : 7043c94cde62cec4fc5840121b7944463b227411
SHA256: d93b9d3bb342b98a5b33764d123dcf230087dab401728fdd86b091b359cee9bb
ssdeep: 196608:hiNCwoC243SsEPRASaRqrOiF5bnm6SzEBgQpqxLmntSXuFhbsBOp8m:gcjC2FOSMiF5y
6Sz8tpqxLmntSXunp8m
File size : 8527008 bytes
First seen: 2011-11-10 22:18:34
Last seen : 2011-12-03 16:33:06
TrID:
Win32 EXE PECompact compressed (generic) (76.8%)
Win32 Executable Generic (15.7%)
Generic Win/DOS Executable (3.7%)
DOS Executable Generic (3.6%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Adobe Systems, Inc.
copyright....: Adobe_ Flash_ Player. Copyright (c) 1996-2011 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
product......: Shockwave Flash
description..: Shockwave Flash 11.1 r102
original name: npswf32.dll
internal name: Adobe Flash Player 11.1
file version.: 11,1,102,55
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x5B9DE1
timedatestamp....: 0x4EAF86CE (Tue Nov 01 05:42:38 2011)
machinetype......: 0x14c (I386)

[[ 7 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x64DBF9, 0x64DC00, 6.85, b9eeac0cc6bed2b5f81f437e511cdca0
.rodata, 0x64F000, 0x10E0, 0x1200, 4.17, f9b675a1bd0fbf9eb19f171f153bf909
.rdata, 0x651000, 0x1406E5, 0x140800, 6.98, b7190453514f812ff9d8f5aca2ae8674
.data, 0x792000, 0x113EE4, 0x2E600, 5.24, 7db3d6a668f4bd44078b1dcf6f6760e5
.rodata, 0x8A6000, 0x4A0, 0x600, 4.82, 434f064a79169b10bce9f9048ecacdfc
.rsrc, 0x8A7000, 0x1C8A4, 0x1CA00, 5.92, dec31d2bc0ba83db7da3433728144add
.reloc, 0x8C4000, 0x45534, 0x45600, 5.48, e5799d99a3cd32c0f6faae8828fb96ba

[[ 17 import(s) ]]
VERSION.dll: VerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA, GetFileVersionInfoSizeW, GetFileVersionInfoW, VerQueryValueW
WINMM.dll: timeGetTime, waveInOpen, waveInPrepareHeader, waveInReset, timeSetEvent, timeKillEvent, timeEndPeriod, timeBeginPeriod, timeGetDevCaps, waveOutWrite, mixerGetID, waveInGetDevCapsA, waveOutGetDevCapsA, waveOutMessage, waveInMessage, mixerClose, mixerGetLineControlsA, mixerGetLineInfoA, mixerGetDevCapsA, mixerOpen, mixerGetControlDetailsA, waveOutRestart, waveOutPause, waveInGetPosition, mixerSetControlDetails, waveInUnprepareHeader, waveInClose, waveOutClose, waveInStop, waveInAddBuffer, waveInStart, waveOutReset, waveOutGetPosition, waveOutOpen, waveInGetNumDevs, waveOutGetNumDevs, waveInGetDevCapsW, waveOutGetDevCapsW, waveOutUnprepareHeader, waveOutPrepareHeader
WININET.dll: InternetSetOptionW, InternetCloseHandle, InternetReadFile, HttpSendRequestW, HttpOpenRequestA, InternetConnectA, InternetOpenA
CRYPT32.dll: CertNameToStrW, CryptDecodeObjectEx, CertFindRDNAttr, CertRDNValueToStrW, CryptFindOIDInfo, CertCompareCertificateName, CertAddCertificateContextToStore, CertEnumCertificatesInStore, CertCompareCertificate, CertVerifyTimeValidity, CertVerifyRevocation, CertOpenStore, CertAddStoreToCollection, CryptVerifyMessageSignature, CryptGetMessageCertificates, CertCreateCertificateContext, CertVerifySubjectCertificateContext, CertFindCertificateInStore, CertFreeCertificateContext, CertCloseStore
RPCRT4.dll: RpcStringFreeA, UuidToStringA
OLEAUT32.dll: -, -, -, -, -, -, -
urlmon.dll: CopyStgMedium
DSOUND.dll: -
KERNEL32.dll: GetModuleFileNameA, FindClose, FindNextFileW, DeleteFileW, RemoveDirectoryW, FindFirstFileW, SystemTimeToFileTime, GetSystemTime, GetFileSizeEx, CreateFileW, GetFileAttributesW, CreateDirectoryW, WideCharToMultiByte, DeleteFileA, WriteFile, CreateFileA, GetTempFileNameA, GetCurrentDirectoryA, CreateDirectoryA, GetEnvironmentVariableA, GlobalFree, FreeLibrary, GetVersionExW, GetProcessTimes, GlobalUnlock, GlobalLock, GetCurrentProcessId, GlobalSize, GlobalAlloc, GetSystemInfo, GetModuleHandleW, GetUserDefaultUILanguage, MoveFileExW, VirtualQuery, GetUserDefaultLangID, GetVersionExA, SetFilePointer, VerifyVersionInfoW, FindResourceA, CreateProcessA, CreateThread, ReadFile, GetFileSize, FindResourceExA, FindResourceExW, SetUnhandledExceptionFilter, GetTempPathW, InterlockedIncrement, InterlockedDecrement, GetTimeZoneInformation, ReleaseSemaphore, WaitForMultipleObjects, SetEvent, CreateSemaphoreW, GetTempFileNameW, GetSystemDirectoryW, ExpandEnvironmentStringsA, GetTempPathA, GetFileAttributesA, CreateMutexA, SetFilePointerEx, GetFileAttributesExW, GetFileInformationByHandle, GetVolumeInformationW, GetCurrentDirectoryW, SetCurrentDirectoryW, ExpandEnvironmentStringsW, OutputDebugStringA, TlsSetValue, UnmapViewOfFile, ReleaseMutex, MapViewOfFile, CreateFileMappingA, SetThreadPriority, GetSystemDirectoryA, TerminateThread, lstrcpyA, lstrlenA, CompareFileTime, LocalFree, QueryPerformanceCounter, QueryPerformanceFrequency, QueueUserAPC, OpenThread, SleepEx, SwitchToThread, GetProcessHeap, HeapFree, HeapSize, VirtualProtect, GetProcessAffinityMask, IsProcessorFeaturePresent, UnhandledExceptionFilter, RtlUnwind, ExitProcess, GetCommandLineA, GetSystemTimeAsFileTime, GetStdHandle, TerminateProcess, SizeofResource, LoadResource, LockResource, OpenFile, _lwrite, _lclose, FreeResource, LoadLibraryA, GetModuleFileNameW, lstrlenW, SetLastError, GetCurrentProcess, VirtualAlloc, FlushInstructionCache, RaiseException, LCMapStringW, GetTickCount, GetCurrentThreadId, GetLocaleInfoW, GetEnvironmentVariableW, GetLastError, ResetEvent, WaitForSingleObject, CloseHandle, CreateEventW, LoadLibraryW, GetProcAddress, GetCurrentThread, SetThreadAffinityMask, IsDBCSLeadByte, GetACP, GetCPInfo, MultiByteToWideChar, ExitThread, InterlockedExchange, InterlockedCompareExchange, Sleep, LeaveCriticalSection, EnterCriticalSection, DeleteCriticalSection, InitializeCriticalSection, TlsGetValue, IsDebuggerPresent, HeapAlloc, EnumSystemLocalesW, GetUserDefaultLCID, GetTimeFormatW, GetDateFormatW, CompareStringW, GetCurrencyFormatW, GetNumberFormatW, TlsFree, TlsAlloc, SetHandleCount, GetFileType, GetStartupInfoA, GetConsoleCP, GetConsoleMode, HeapReAlloc, HeapCreate, HeapDestroy, GetOEMCP, IsValidCodePage, LCMapStringA, InitializeCriticalSectionAndSpinCount, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, CreateSemaphoreA, GetEnvironmentStringsW, FlushFileBuffers, GetLocaleInfoA, SetStdHandle, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, GetStringTypeA, GetStringTypeW, CompareStringA, SetEnvironmentVariableA, SetEndOfFile, GetModuleHandleA, VirtualFree, DeviceIoControl, GetVersion, InterlockedExchangeAdd, CancelWaitableTimer, SetWaitableTimer, CreateWaitableTimerA, VerSetConditionMask, CreateEventA
USER32.dll: EnumDisplayDevicesW, EmptyClipboard, SetClipboardData, IsClipboardFormatAvailable, OpenClipboard, GetClipboardData, CloseClipboard, RegisterClipboardFormatW, IsWindow, GetWindowThreadProcessId, RemoveMenu, SetMenuItemInfoW, GetMenuItemInfoW, InsertMenuItemW, CreatePopupMenu, TrackPopupMenu, DrawMenuBar, DestroyMenu, CreateMenu, SetMenuInfo, MapVirtualKeyW, WaitForInputIdle, GetForegroundWindow, DialogBoxParamW, SetWindowTextA, RedrawWindow, DialogBoxIndirectParamW, EndDialog, GetDesktopWindow, GetDlgItem, SetWindowTextW, SendMessageTimeoutW, CreateIconIndirect, SetRectEmpty, GetCursor, DestroyIcon, LoadImageW, GetPropW, SetPropW, GetMonitorInfoW, GetClipboardFormatNameA, RegisterClipboardFormatA, SetWindowPos, DestroyCaret, DestroyWindow, RegisterClassA, CreateWindowExA, SetCapture, ReleaseCapture, GetSubMenu, ScreenToClient, GetCapture, GetCursorPos, WindowFromPoint, GetParent, GetTopWindow, PeekMessageW, GetQueueStatus, KillTimer, SetTimer, InvalidateRect, LoadIconW, RegisterClassW, IsWindowVisible, PostMessageW, GetFocus, SendMessageW, SendNotifyMessageW, GetKeyState, ReleaseDC, SetCursor, LoadStringW, MessageBoxW, EnableMenuItem, CheckMenuItem, FillRect, GetDC, BeginPaint, EndPaint, UnregisterClassA, SetFocus, GetWindowInfo, CopyRect, CreateWindowExW, RegisterClassExW, CallWindowProcW, PostQuitMessage, LoadCursorW, GetClassInfoExW, SetWindowLongW, MapWindowPoints, ShowWindow, DefWindowProcW, ClientToScreen, SendInput, GetKeyboardLayout, GetWindowLongW, GetWindowRect, UpdateLayeredWindow, EnumDisplayDevicesA, GetSystemMetrics, SetRect, OffsetRect, MonitorFromWindow, GetDoubleClickTime, EnumDisplaySettingsW, MoveWindow, SetCaretPos, CreateCaret, SystemParametersInfoW, ShowCaret, PostMessageA, RegisterWindowMessageA, GetClientRect, MessageBoxA
GDI32.dll: SetPixel, CreateDCA, GetICMProfileA, SelectPalette, RealizePalette, RectVisible, LPtoDP, StretchDIBits, GetStockObject, Rectangle, GetDeviceCaps, GetSystemPaletteEntries, GetClipBox, CreateSolidBrush, EnumFontFamiliesW, CreateBitmap, GetStretchBltMode, SetStretchBltMode, GetTextMetricsW, EnumFontFamiliesA, ExtTextOutA, SetTextColor, CreateFontIndirectA, IntersectClipRect, GetClipRgn, CreateRectRgn, SetTextAlign, SetBkMode, GetTextAlign, GetBkMode, GetTextColor, DeleteObject, CreateFontIndirectW, SelectClipRgn, GetBkColor, SetTextCharacterExtra, CreatePen, GetTextExtentPoint32W, GetCurrentObject, DPtoLP, GetTextExtentPoint32A, GetTextCharacterExtra, SetWorldTransform, SetGraphicsMode, GetWorldTransform, CreatePalette, StartDocW, EndDoc, StrokePath, ExtCreatePen, FillPath, StretchBlt, SetBkColor, ExtTextOutW, SelectObject, BitBlt, CreateDIBSection, GetObjectW, GdiFlush, DeleteDC, CreateCompatibleDC, RestoreDC, SelectClipPath, PolyBezierTo, GetFontData, EnumFontFamiliesExW, LineTo, MoveToEx, EndPath, BeginPath, SaveDC, SetPolyFillMode, StartPage, EndPage
COMDLG32.dll: GetSaveFileNameW, GetOpenFileNameW, CommDlgExtendedError, PrintDlgW
ADVAPI32.dll: CryptAcquireContextW, CryptGenRandom, CryptReleaseContext, RegOpenKeyExA, RegQueryValueExW, RegOpenKeyA, RegOpenKeyExW, RegDeleteValueA, RegQueryValueExA, RegCreateKeyExA, RegCreateKeyA, RegSetValueExA, RegCloseKey
SHELL32.dll: SHGetSpecialFolderLocation, SHAppBarMessage, SHGetFolderPathA, SHBrowseForFolderW, SHGetPathFromIDListW, SHGetFolderPathW, SHFileOperationW, SHGetDiskFreeSpaceExW
ole32.dll: ReleaseStgMedium, OleUninitialize, OleFlushClipboard, OleIsCurrentClipboard, CreateBindCtx, PropVariantClear, OleInitialize, CoInitialize, CoUninitialize, CoTaskMemFree, CoTaskMemAlloc, CoCreateInstance, OleSetClipboard, OleGetClipboard
WS2_32.dll: WSAIoctl, -, -, -, -, -, -, WSASocketW, -, -, -, -, -, -, WSACloseEvent, -, -, -, -, -, -, -, -, -, -, WSAEnumNetworkEvents, WSAEventSelect, WSACreateEvent, WSAAddressToStringA, -, -, -, -, -, -
mscms.dll: TranslateBitmapBits, DeleteColorTransform, CreateColorTransformW, OpenColorProfileW, CloseColorProfile

[[ 65 export(s) ]]
BrokerMainW, DllRegisterServer, DllUnregisterServer, FlashPlayer_11_1_102_55_FlashPlayer, Flash_DisableLocalSecurity, Flash_EnforceLocalSecurity, Java_ShockwaveFlash_CurrentFrame_stub, Java_ShockwaveFlash_FlashVersion_stub, Java_ShockwaveFlash_FrameLoaded_stub, Java_ShockwaveFlash_GetVariable_stub, Java_ShockwaveFlash_GotoFrame_stub, Java_ShockwaveFlash_IsPlaying_stub, Java_ShockwaveFlash_LoadMovie_stub, Java_ShockwaveFlash_Pan_stub, Java_ShockwaveFlash_PercentLoaded_stub, Java_ShockwaveFlash_Play_stub, Java_ShockwaveFlash_SetVariable_stub, Java_ShockwaveFlash_SetZoomRect_stub, Java_ShockwaveFlash_StopPlay_stub, Java_ShockwaveFlash_TCallFrame_stub, Java_ShockwaveFlash_TCallLabel_stub, Java_ShockwaveFlash_TCurrentFrame_stub, Java_ShockwaveFlash_TCurrentLabel_stub, Java_ShockwaveFlash_TGetProperty_stub, Java_ShockwaveFlash_TGotoFrame_stub, Java_ShockwaveFlash_TGotoLabel_stub, Java_ShockwaveFlash_TPlay_stub, Java_ShockwaveFlash_TSetProperty_stub, Java_ShockwaveFlash_TStopPlay_stub, Java_ShockwaveFlash_TotalFrames_stub, Java_ShockwaveFlash_Zoom_stub, NP_GetEntryPoints, NP_Initialize, NP_Shutdown, native_ShockwaveFlash_CurrentFrame, native_ShockwaveFlash_FlashVersion, native_ShockwaveFlash_FrameLoaded, native_ShockwaveFlash_GetVariable, native_ShockwaveFlash_GotoFrame, native_ShockwaveFlash_IsPlaying, native_ShockwaveFlash_LoadMovie, native_ShockwaveFlash_Pan, native_ShockwaveFlash_PercentLoaded, native_ShockwaveFlash_Play, native_ShockwaveFlash_SetVariable, native_ShockwaveFlash_SetZoomRect, native_ShockwaveFlash_StopPlay, native_ShockwaveFlash_TCallFrame, native_ShockwaveFlash_TCallLabel, native_ShockwaveFlash_TCurrentFrame, native_ShockwaveFlash_TCurrentLabel, native_ShockwaveFlash_TGetProperty, native_ShockwaveFlash_TGotoFrame, native_ShockwaveFlash_TGotoLabel, native_ShockwaveFlash_TPlay, native_ShockwaveFlash_TSetProperty, native_ShockwaveFlash_TStopPlay, native_ShockwaveFlash_TotalFrames, native_ShockwaveFlash_Zoom, register_ShockwaveFlash, unregister_ShockwaveFlash, unuse_ShockwaveFlash, unuse_netscape_plugin_Plugin, use_ShockwaveFlash, use_netscape_plugin_Plugin
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 6614528
CompanyName: Adobe Systems, Inc.
Debugger: 0
EntryPoint: 0x5b9de1
FileDescription: Shockwave Flash 11.1 r102
FileExtents: swf|spl|mfp
FileFlagsMask: 0x003f
FileOS: Win32
FileOpenName: Adobe Flash movie (*.swf)|FutureSplash movie (*.spl)|Adobe Flash Paper (*.mfp)
FileSize: 8.1 MB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 11,1,102,55
FileVersionNumber: 11.1.102.55
ImageVersion: 0.0
InitializedDataSize: 1905664
InternalName: Adobe Flash Player 11.1
LanguageCode: English (U.S.)
LegalCopyright: Adobe Flash Player. Copyright 1996-2011 Adobe Systems Incorporated. All Rights Reserved. Adobe and Flash are either trademarks or registered trademarks in the United States and/or other countries.
LegalTrademarks: Adobe Flash Player
LinkerVersion: 9.0
MIMEType: application/x-shockwave-flash|application/futuresplash
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Dynamic link library
OriginalFilename: npswf32.dll
PEType: PE32
ProductName: Shockwave Flash
ProductVersion: 11,1,102,55
ProductVersionNumber: 11.1.102.55
Subsystem: Windows GUI
SubsystemVersion: 5.0
TimeStamp: 2011:11:01 06:42:38+01:00
UninitializedDataSize: 0

C:\Programme\Mozilla Firefox\mozjs.dll

Antivirus Version Last Update Result
AhnLab-V3 2011.12.03.00 2011.12.03 -
AntiVir 7.11.18.204 2011.12.02 -
Antiy-AVL 2.0.3.7 2011.12.03 -
Avast 6.0.1289.0 2011.12.03 -
AVG 10.0.0.1190 2011.12.03 -
BitDefender 7.2 2011.12.03 -
ByteHero 1.0.0.1 2011.11.29 -
CAT-QuickHeal 12.00 2011.12.03 -
ClamAV 0.97.3.0 2011.12.03 -
Commtouch 5.3.2.6 2011.12.03 -
Comodo 10827 2011.12.03 -
Emsisoft 5.1.0.11 2011.12.03 -
eSafe 7.0.17.0 2011.12.01 -
eTrust-Vet 37.0.9600 2011.12.02 -
F-Prot 4.6.5.141 2011.11.29 -
F-Secure 9.0.16440.0 2011.12.03 -
Fortinet 4.3.388.0 2011.12.03 -
GData 22 2011.12.03 -
Ikarus T3.1.1.109.0 2011.12.03 -
Jiangmin 13.0.900 2011.12.03 -
K7AntiVirus 9.119.5589 2011.12.03 -
Kaspersky 9.0.0.837 2011.12.03 -
McAfee 5.400.0.1158 2011.12.03 -
McAfee-GW-Edition 2010.1D 2011.12.03 -
Microsoft 1.7903 2011.12.03 -
NOD32 6668 2011.12.01 -
Norman 6.07.13 2011.12.03 -
nProtect 2011-12-03.01 2011.12.03 -
Panda 10.0.3.5 2011.12.03 -
PCTools 8.0.0.5 2011.12.03 -
Prevx 3.0 2011.12.03 -
Rising 23.86.04.02 2011.12.02 -
Sophos 4.71.0 2011.12.03 -
SUPERAntiSpyware 4.40.0.1006 2011.12.03 -
Symantec 20111.2.0.82 2011.12.03 -
TheHacker 6.7.0.1.352 2011.12.01 -
TrendMicro 9.500.0.1008 2011.12.03 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.03 -
VBA32 3.12.16.4 2011.12.03 -
VIPRE 11197 2011.12.03 -
ViRobot 2011.12.3.4807 2011.12.03 -
VirusBuster 14.1.97.0 2011.12.02 -
Additional information
MD5 : 47a91e11a42f115d094dee60ec144ad7
SHA1 : 830b7c4027e34642f5a0c74e61bf6b4e03413155
SHA256: e8682b46ecb05c0e2bb5795e822902f0af1c7e2928ebb0214fb4398dbd09415e
ssdeep: 24576:/D5Rr11rvNTvf21JbFu8CTl88NicIS1b4PHtHK3rPatZv0NyAV+++kMseh:/DDr7vlu1J
Fu8Tfztq/yAsXh
File size : 1989592 bytes
First seen: 2011-11-06 11:54:54
Last seen : 2011-12-03 16:37:01
TrID:
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: Mozilla Corporation
Thawte Code Signing CA - G2
thawte Primary Root CA
Thawte Premium Server CA
signing date.: 7:54 05/11/2011
verified.....: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x15E4D0
timedatestamp....: 0x4EB4979C (Sat Nov 05 01:55:40 2011)
machinetype......: 0x14c (I386)

[[ 4 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x15E4AB, 0x15F000, 6.57, 556c0c1e9e9223070130e4a8fc7bad1a
.rdata, 0x160000, 0x55E42, 0x56000, 3.69, ec4cdfb77667fc979d8569d3fb87d4d6
.data, 0x1B6000, 0x20974, 0x20000, 1.25, 82fa29390def7c2b227176e4a50579c9
.reloc, 0x1D7000, 0xDFD2, 0xE000, 6.09, 6a39c15c40f24d213c56d12c1a6c2298

[[ 4 import(s) ]]
nspr4.dll: PR_FindFunctionSymbol, PR_FindSymbol, PR_LoadLibraryWithFlags, PR_UnloadLibrary, PR_CallOnce, PR_CreateThread, PR_JoinThread, PR_IntervalNow, PR_IntervalToMilliseconds, PR_GetCurrentThread, PR_NotifyAllCondVar, PR_NewLock, PR_NewCondVar, PR_DestroyLock, PR_DestroyCondVar, PR_NotifyCondVar, PR_WaitCondVar, PR_Unlock, PR_Lock
KERNEL32.dll: GetCurrentProcessId, GetCurrentThreadId, GetTickCount, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, Sleep, GetSystemInfo, EnterCriticalSection, SetCriticalSectionSpinCount, LeaveCriticalSection, GetSystemTimeAdjustment, DeleteCriticalSection, InterlockedExchange, InitializeCriticalSectionAndSpinCount, VirtualAlloc, VirtualFree, VirtualQuery, GetSystemTimeAsFileTime, QueryPerformanceCounter, QueryPerformanceFrequency
WINMM.dll: timeBeginPeriod, timeEndPeriod
MOZCRT19.dll: _malloc_crt, _initterm, _initterm_e, _amsg_exit, _adjust_fdiv, __CppXcptFilter, _crt_debugger_hook, _except_handler4_common, __clean_type_info_names_internal, _encoded_null, _time64, _decode_pointer, _onexit, _lock, memset, memcpy, _fstat64i32, malloc, calloc, realloc, free, _isnan, floor, _purecall, __3@YAXPAX@Z, ___V@YAXPAX@Z, memmove, strncmp, getc, __iob_func, fclose, fopen, isspace, isdigit, _CIfmod, isalpha, _errno, _setjmp3, _fileno, acos, asin, atan, _copysign, _CIatan2, ceil, cos, _CIexp, log, _CIpow, _CIsqrt, sin, sqrt, tan, fabs, localeconv, _HUGE, tolower, isxdigit, strchr, isprint, sprintf, ungetc, fputc, exit, fflush, fprintf, _CIlog10, strstr, _localtime64, _tzset, strftime, _set_invalid_parameter_handler, getenv, vfprintf, bsearch, _fpclass, _finite, abort, _unlock, __dllonexit, _encode_pointer

[[ 868 export(s) ]]
__0ArrayBuffer@js@@QAE@XZ, __0AutoEnterFrameCompartment@JS@@QAE@XZ, __0AutoEnterScriptCompartment@JS@@QAE@XZ, __0ForceFrame@js@@QAE@PAUJSContext@@PAUJSObject@@@Z, __0JSAutoEnterCompartment@@QAE@XZ, __0JSAutoStructuredCloneBuffer@@QAE@XZ, __0JSCompartment@@QAE@PAUJSRuntime@@@Z, __0JSCrossCompartmentWrapper@@QAE@ABV0@@Z, __0JSCrossCompartmentWrapper@@QAE@I@Z, __0JSProxyHandler@js@@QAE@ABV01@@Z, __0JSProxyHandler@js@@QAE@PAX@Z, __0JSWrapper@@QAE@ABV0@@Z, __0JSWrapper@@QAE@I@Z, __0PerfMeasurement@JS@@QAE@W4EventMask@01@@Z, __1ArrayBuffer@js@@QAE@XZ, __1AutoEnterFrameCompartment@JS@@QAE@XZ, __1AutoEnterScriptCompartment@JS@@QAE@XZ, __1ForceFrame@js@@QAE@XZ, __1JSAutoEnterCompartment@@QAE@XZ, __1JSAutoStructuredCloneBuffer@@QAE@XZ, __1JSCompartment@@QAE@XZ, __1JSCrossCompartmentWrapper@@UAE@XZ, __1JSProxyHandler@js@@UAE@XZ, __1JSWrapper@@UAE@XZ, __1PerfMeasurement@JS@@QAE@XZ, __4ArrayBuffer@js@@QAEAAU01@ABU01@@Z, __4AutoEnterFrameCompartment@JS@@QAEAAV01@ABV01@@Z, __4AutoEnterScriptCompartment@JS@@QAEAAV01@ABV01@@Z, __4JSAutoEnterCompartment@@QAEAAV0@ABV0@@Z, __4JSCrossCompartmentWrapper@@QAEAAV0@ABV0@@Z, __4JSProxyHandler@js@@QAEAAV01@ABV01@@Z, __4JSWrapper@@QAEAAV0@ABV0@@Z, __4TypedArray@js@@QAEAAU01@ABU01@@Z, ___7JSCrossCompartmentWrapper@@6B@, ___7JSProxyHandler@js@@6B@, ___7JSWrapper@@6B@, _AllocGCChunk@js@@YAPAXXZ, _Call@JS@@YA_NPAUJSContext@@_K1IPA_K2@Z, _DeepBail@js@@YAXPAUJSContext@@@Z, _ExtractPerfMeasurement@JS@@YAPAVPerfMeasurement@1@_K@Z, _FixProxy@js@@YAHPAUJSContext@@PAUJSObject@@PAH@Z, _FreeGCChunk@js@@YAXPAX@Z, _FunctionProxyClass@js@@3UClass@1@A, _GCThingSizeMap@gc@js@@3QBEB, _GetPropertyNames@js@@YA_NPAUJSContext@@PAUJSObject@@IPAVAutoIdVector@1@@Z, _IsAboutToBeFinalized@@YA_NPAUJSContext@@PBX@Z, _IterateCompartmentsArenasCells@js@@YAXPAUJSContext@@PAXP6AX01PAUJSCompartment@@@ZP6AX01PAUArena@gc@1@II@ZP6AX011II@Z@Z, _JS_GetArrayBufferByteLength@@YAIPAUJSObject@@@Z, _JS_GetArrayBufferData@@YAPAEPAUJSObject@@@Z, _JS_GetTypedArrayBuffer@@YAPAUJSObject@@PAU1@@Z, _JS_GetTypedArrayByteLength@@YAIPAUJSObject@@@Z, _JS_GetTypedArrayByteOffset@@YAIPAUJSObject@@@Z, _JS_GetTypedArrayData@@YAPAXPAUJSObject@@@Z, _JS_GetTypedArrayLength@@YAIPAUJSObject@@@Z, _JS_GetTypedArrayType@@YAIPAUJSObject@@@Z, _LeaveTrace@js@@YAXPAUJSContext@@@Z, _MarkContext@js@@YAXPAUJSTracer@@PAUJSContext@@@Z, _NULLABLE_OBJ_TO_INNER_OBJECT@@YA_NPAUJSContext@@AAPAUJSObject@@@Z, _New@JSWrapper@@SAPAUJSObject@@PAUJSContext@@PAU2@11PAV1@@Z, _NewProxyObject@js@@YAPAUJSObject@@PAUJSContext@@PAVJSProxyHandler@1@ABVValue@1@PAU2@333@Z, _ObjectProxyClass@js@@3UClass@1@A, _OuterWindowProxyClass@js@@3UClass@1@A, _ParseJSONWithReviver@js@@YAHPAUJSContext@@PB_WIABVValue@1@PAV31@W4DecodingMode@@@Z, _RegisterPerfMeasurement@JS@@YAPAUJSObject@@PAUJSContext@@PAU2@@Z, _TriggerOperationCallback@js@@YAXPAUJSContext@@@Z, _addDebuggee@JSCompartment@@QAE_NPAUJSContext@@PAVGlobalObject@js@@@Z, _adopt@JSAutoStructuredCloneBuffer@@QAEXPA_KII@Z, _allocAndInitTraceMonitor@JSCompartment@@QAEPAUTraceMonitor@js@@PAUJSContext@@@Z, _allocMathCache@JSCompartment@@AAEPAVMathCache@js@@PAUJSContext@@@Z, _arenaListsAreEmpty@JSCompartment@@QAE_NXZ, _backEdgeCount@JSCompartment@@QBEIPAE@Z, _call@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@js@@@Z, _call@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@2@@Z, _call@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@js@@@Z, _canMeasureSomething@PerfMeasurement@JS@@SA_NXZ, _charsHeapSize@JSString@@QAEIXZ, _class_constructor@ArrayBuffer@js@@SAHPAUJSContext@@IPAVValue@2@@Z, _clear@JSAutoStructuredCloneBuffer@@QAEXXZ, _clearBreakpointsIn@JSCompartment@@QAEXPAUJSContext@@PAVDebugger@js@@PAUJSScript@@PAUJSObject@@@Z, _clearTraps@JSCompartment@@QAEXPAUJSContext@@PAUJSScript@@@Z, _clone@JSObject@@QAEPAU1@PAUJSContext@@PAU1@1@Z, _committedSize@StackSpace@js@@QAEIXZ, _construct@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@js@@2@Z, _construct@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@2@2@Z, _construct@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@js@@2@Z, _copy@JSAutoStructuredCloneBuffer@@QAE_NPB_KII@Z, _copyPropertiesFrom@JSObject@@QAE_NPAUJSContext@@PAU1@@Z, _create@ArrayBuffer@js@@SAPAUJSObject@@PAUJSContext@@H@Z, _data@JSAutoStructuredCloneBuffer@@QBEPA_KXZ, _debugMode@JSCompartment@@QBE_NXZ, _defaultValue@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@W4JSType@@PAVValue@js@@@Z, _defaultValue@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@W4JSType@@PAVValue@2@@Z, _defaultValue@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@W4JSType@@PAVValue@js@@@Z, _defineProperty@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPAUPropertyDescriptor@js@@@Z, _defineProperty@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPAUPropertyDescriptor@js@@@Z, _delete_@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _delete_@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _drainMarkStack@GCMarker@js@@QAEXXZ, _ensureJaegerCompartmentExists@JSCompartment@@QAE_NPAUJSContext@@@Z, _ensureSpaceSlow@StackSpace@js@@ABE_NPAUJSContext@@W4MaybeReportError@2@PAVValue@2@H@Z, _enter@AutoEnterFrameCompartment@JS@@QAE_NPAUJSContext@@PAUJSStackFrame@@@Z, _enter@AutoEnterScriptCompartment@JS@@QAE_NPAUJSContext@@PAUJSScript@@@Z, _enter@ForceFrame@js@@QAE_NXZ, _enter@JSAutoEnterCompartment@@QAE_NPAUJSContext@@PAUJSObject@@@Z, _enter@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HW4Action@1@PA_N@Z, _enterAndIgnoreErrors@JSAutoEnterCompartment@@QAEXPAUJSContext@@PAUJSObject@@@Z, _entered@AutoEnterScriptCompartment@JS@@QBE_NXZ, _entered@JSAutoEnterCompartment@@QBE_NXZ, _enumerate@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@AAVAutoIdVector@js@@@Z, _enumerate@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@AAVAutoIdVector@js@@@Z, _family@JSProxyHandler@js@@QAEPAXXZ, _fastClass@ArrayBuffer@js@@2UClass@2@A, _fastClasses@TypedArray@js@@2PAUClass@2@A, _finalize@JSProxyHandler@js@@UAEXPAUJSContext@@PAUJSObject@@@Z, _finalizeObjectArenaLists@JSCompartment@@QAEXPAUJSContext@@@Z, _finalizeShapeArenaLists@JSCompartment@@QAEXPAUJSContext@@@Z, _finalizeStringArenaLists@JSCompartment@@QAEXPAUJSContext@@@Z, _finishArenaLists@JSCompartment@@QAEXXZ, _fix@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@PAVValue@js@@@Z, _flags@JSWrapper@@QBEIXZ, _fun_toString@JSCrossCompartmentWrapper@@UAEPAVJSString@@PAUJSContext@@PAUJSObject@@I@Z, _fun_toString@JSProxyHandler@js@@UAEPAVJSString@@PAUJSContext@@PAUJSObject@@I@Z, _fun_toString@JSWrapper@@UAEPAVJSString@@PAUJSContext@@PAUJSObject@@I@Z, _get@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@1HPAVValue@js@@@Z, _get@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@1HPAVValue@2@@Z, _get@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@1HPAVValue@js@@@Z, _getArrayBuffer@ArrayBuffer@js@@SAPAUJSObject@@PAU3@@Z, _getBreakpointSite@JSCompartment@@QAEPAVBreakpointSite@js@@PAE@Z, _getBuffer@TypedArray@js@@SAPAUJSObject@@PAU3@@Z, _getByteLength@ArrayBuffer@js@@SAIPAUJSObject@@@Z, _getByteLength@TypedArray@js@@SAIPAUJSObject@@@Z, _getByteOffset@TypedArray@js@@SAIPAUJSObject@@@Z, _getCodeAllocStats@TraceMonitor@js@@QBEXAAI00@Z, _getDataOffset@ArrayBuffer@js@@SAPAEPAUJSObject@@@Z, _getDataOffset@TypedArray@js@@SAPAXPAUJSObject@@@Z, _getDebuggees@JSCompartment@@QAEAAV_$HashSet@PAVGlobalObject@js@@U_$DefaultHasher@PAVGlobalObject@js@@@2@VSystemAllocPolicy@2@@js@@XZ, _getGlobal@JSObject@@QBEPAVGlobalObject@js@@XZ, _getLength@TypedArray@js@@SAIPAUJSObject@@@Z, _getMathCache@JSCompartment@@QAEPAVMathCache@js@@PAUJSContext@@@Z, _getMjitCodeSize@JSCompartment@@QBEIXZ, _getOrCreateBreakpointSite@JSCompartment@@QAEPAVBreakpointSite@js@@PAUJSContext@@PAUJSScript@@PAEPAUJSObject@@@Z, _getOwnPropertyDescriptor@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@H_NPAUPropertyDescriptor@js@@@Z, _getOwnPropertyDescriptor@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@H_NPAUPropertyDescriptor@js@@@Z, _getOwnPropertyNames@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@AAVAutoIdVector@js@@@Z, _getOwnPropertyNames@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@AAVAutoIdVector@js@@@Z, _getPropertyDescriptor@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@H_NPAUPropertyDescriptor@js@@@Z, _getPropertyDescriptor@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@H_NPAUPropertyDescriptor@js@@@Z, _getTraceMonitorSize@TraceMonitor@js@@QBEIXZ, _getType@TypedArray@js@@SAIPAUJSObject@@@Z, _getTypedArray@TypedArray@js@@SAPAUJSObject@@PAU3@@Z, _getVMAllocatorsMainSize@TraceMonitor@js@@QBEIXZ, _getVMAllocatorsReserveSize@TraceMonitor@js@@QBEIXZ, _getWrapperFamily@JSWrapper@@SAPAXXZ, _has@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _has@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _has@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _hasInstance@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@PBVValue@js@@PA_N@Z, _hasInstance@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@PBVValue@2@PA_N@Z, _hasInstance@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@PBVValue@js@@PA_N@Z, _hasJaegerCompartment@JSCompartment@@QAE_NXZ, _hasOwn@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _hasOwn@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _hasOwn@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@HPA_N@Z, _hasScriptsOnStack@JSCompartment@@QAE_NPAUJSContext@@@Z, _hasTraceMonitor@JSCompartment@@QAE_NXZ, _incBackEdgeCount@JSCompartment@@QAEIPAE@Z, _init@JSCompartment@@QAE_NXZ, _isArrayIndex@TypedArray@js@@SA_NPAUJSContext@@PAUJSObject@@HPAI@Z, _isOuterWindow@JSProxyHandler@js@@UAE_NXZ, _isWrapper@JSObject@@QBE_NXZ, _iterate@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@js@@@Z, _iterate@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@2@@Z, _iterate@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@IPAVValue@js@@@Z, _jaegerCompartment@JSCompartment@@QBEPAVJaegerCompartment@mjit@js@@XZ, _jitDataSize@JSScript@@QAEIXZ, _js_AnyNameClass@@3UClass@js@@A, _js_AttributeNameClass@@3UClass@js@@A, _js_CallClass@@3UClass@js@@A, _js_CallNewScriptHook@@YAXPAUJSContext@@PAUJSScript@@PAUJSFunction@@@Z, _js_CheckUndeclaredVarAssignment@@YA_NPAUJSContext@@PAVJSString@@@Z, _js_CloneRegExpObject@@YIPAUJSObject@@PAUJSContext@@PAU1@1@Z, _js_CloseIterator@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_CreateArrayBuffer@@YAPAUJSObject@@PAUJSContext@@I@Z, _js_CreateTypedArray@@YAPAUJSObject@@PAUJSContext@@HI@Z, _js_CreateTypedArrayWithArray@@YAPAUJSObject@@PAUJSContext@@HPAU1@@Z, _js_CreateTypedArrayWithBuffer@@YAPAUJSObject@@PAUJSContext@@HPAU1@HH@Z, _js_DateGetDate@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_DateGetHours@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_DateGetMinutes@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_DateGetMonth@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_DateGetMsecSinceEpoch@@YANPAUJSContext@@PAUJSObject@@@Z, _js_DateGetSeconds@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_DateGetYear@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_DateIsValid@@YAHPAUJSContext@@PAUJSObject@@@Z, _js_DeclEnvClass@@3UClass@js@@A, _js_Enumerate@@YAHPAUJSContext@@PAUJSObject@@W4JSIterateOp@@PAVValue@js@@PAH@Z, _js_FindProperty@@YAHPAUJSContext@@HPAPAUJSObject@@1PAPAUJSProperty@@@Z, _js_FunctionClass@@3UClass@js@@A, _js_GCThingIsMarked@@YA_NPAXI@Z, _js_GetClassPrototype@@YAHPAUJSContext@@PAUJSObject@@W4JSProtoKey@@PAPAU2@PAUClass@js@@@Z, _js_GetErrorMessage@@YAPBUJSErrorFormatString@@PAXPBDI@Z, _js_GetGCThingTraceKind@@YAIPAX@Z, _js_GetSCOffset@@YA_KPAUJSStructuredCloneWriter@@@Z, _js_GetScriptLineExtent@@YAIPAUJSScript@@@Z, _js_GetterOnlyPropertyStub@@YAHPAUJSContext@@PAUJSObject@@HHPA_K@Z, _js_InitTypedArrayClasses@@YAPAUJSObject@@PAUJSContext@@PAU1@@Z, _js_IntervalNow@@YAIXZ, _js_IsArrayBuffer@@YAHPAUJSObject@@@Z, _js_IsTypedArray@@YAHPAUJSObject@@@Z, _js_LookupProperty@@YAHPAUJSContext@@PAUJSObject@@HPAPAU2@PAPAUJSProperty@@@Z, _js_NamespaceClass@@3UClass@js@@A, _js_NewDateObject@@YAPAUJSObject@@PAUJSContext@@HHHHHH@Z, _js_NewDateObjectMsec@@YAPAUJSObject@@PAUJSContext@@N@Z, _js_NextActiveContext@@YAPAUJSContext@@PAUJSRuntime@@PAU1@@Z, _js_ObjectIsRegExp@@YAHPAUJSObject@@@Z, _js_QNameClass@@3UClass@js@@A, _js_ReportAllocationOverflow@@YAXPAUJSContext@@@Z, _js_ReportErrorAgain@@YAXPAUJSContext@@PBDPAUJSErrorReport@@@Z, _js_ReportOverRecursed@@YAXPAUJSContext@@@Z, _js_ScriptClass@@3UClass@js@@A, _js_SetTraceableNativeFailed@@YAXPAUJSContext@@@Z, _js_ValueToIterator@@YAHPAUJSContext@@IPAVValue@js@@@Z, _js_ValueToSource@@YAPAVJSString@@PAUJSContext@@ABVValue@js@@@Z, _js_XMLClass@@3UClass@js@@A, _js_fgets@@YAHPADHPAU_iobuf@@@Z, _js_obj_defineGetter@@YAHPAUJSContext@@IPAVValue@js@@@Z, _js_obj_defineSetter@@YAHPAUJSContext@@IPAVValue@js@@@Z, _jsprops@ArrayBuffer@js@@2PAUJSPropertySpec@@A, _jsprops@TypedArray@js@@2PAUJSPropertySpec@@A, _keys@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@AAVAutoIdVector@js@@@Z, _keys@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@AAVAutoIdVector@2@@Z, _keys@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@AAVAutoIdVector@js@@@Z, _leave@JSWrapper@@UAEXPAUJSContext@@PAUJSObject@@@Z, _markBreakpointsIteratively@JSCompartment@@QAE_NPAUJSTracer@@@Z, _markCrossCompartmentWrappers@JSCompartment@@QAEXPAUJSTracer@@@Z, _nbytes@JSAutoStructuredCloneBuffer@@QBEIXZ, _obj_defineProperty@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@HPBVValue@2@P6AH01HPAV52@@ZP6AH01HH3@ZI@Z, _obj_deleteProperty@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@HPAVValue@2@H@Z, _obj_enumerate@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@W4JSIterateOp@@PAVValue@2@PAH@Z, _obj_getAttributes@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@HPAI@Z, _obj_getAttributes@TypedArray@js@@SAHPAUJSContext@@PAUJSObject@@HPAI@Z, _obj_getProperty@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@1HPAVValue@2@@Z, _obj_lookupProperty@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@HPAPAU4@PAPAUJSProperty@@@Z, _obj_lookupProperty@TypedArray@js@@SAHPAUJSContext@@PAUJSObject@@HPAPAU4@PAPAUJSProperty@@@Z, _obj_setAttributes@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@HPAI@Z, _obj_setAttributes@TypedArray@js@@SAHPAUJSContext@@PAUJSObject@@HPAI@Z, _obj_setProperty@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@HPAVValue@2@H@Z, _obj_toString@JSCrossCompartmentWrapper@@UAEPAVJSString@@PAUJSContext@@PAUJSObject@@@Z, _obj_toString@JSProxyHandler@js@@UAEPAVJSString@@PAUJSContext@@PAUJSObject@@@Z, _obj_toString@JSWrapper@@UAEPAVJSString@@PAUJSContext@@PAUJSObject@@@Z, _obj_trace@ArrayBuffer@js@@SAXPAUJSTracer@@PAUJSObject@@@Z, _obj_typeOf@ArrayBuffer@js@@SA_AW4JSType@@PAUJSContext@@PAUJSObject@@@Z, _onOutOfMemory@JSRuntime@@QAEPAXPAXIPAUJSContext@@@Z, _onOutOfMemory@TempAllocPolicy@js@@AAEPAXPAXI@Z, _onTooMuchMalloc@JSRuntime@@QAEXXZ, _prop_getBuffer@TypedArray@js@@SAHPAUJSContext@@PAUJSObject@@HPAVValue@2@@Z, _prop_getByteLength@ArrayBuffer@js@@SAHPAUJSContext@@PAUJSObject@@HPAVValue@2@@Z, _prop_getByteLength@TypedArray@js@@SAHPAUJSContext@@PAUJSObject@@HPAVValue@2@@Z, _prop_getByteOffset@TypedArray@js@@SAHPAUJSContext@@PAUJSObject@@HPAVValue@2@@Z, _prop_getLength@TypedArray@js@@SAHPAUJSContext@@PAUJSObject@@HPAVValue@2@@Z, _purge@JSCompartment@@QAEXPAUJSContext@@@Z, _read@JSAutoStructuredCloneBuffer@@QBE_NPAUJSContext@@PA_KPBUJSStructuredCloneCallbacks@@PAX@Z, _reduceGCTriggerBytes@JSCompartment@@QAEXI@Z, _removeDebuggee@JSCompartment@@QAEXPAUJSContext@@PAVGlobalObject@js@@PAVEnum@_$HashTable@QAVGlobalObject@js@@USetOps@_$HashSet@PAVGlobalObject@js@@U_$ DefaultHasher@PAVGlobalObject@js@@@2@VSystemAllocPolicy@2@@2@VSystemAllocPolicy@2@@detail@4@@Z, _replenishAndFreeLater@GCHelperThread@js@@AAEXPAX@Z, _reportAllocOverflow@TempAllocPolicy@js@@QBEXXZ, _reset@PerfMeasurement@JS@@QAEXXZ, _set@JSCrossCompartmentWrapper@@UAE_NPAUJSContext@@PAUJSObject@@1H_NPAVValue@js@@@Z, _set@JSProxyHandler@js@@UAE_NPAUJSContext@@PAUJSObject@@1H_NPAVValue@2@@Z, _set@JSWrapper@@UAE_NPAUJSContext@@PAUJSObject@@1H_NPAVValue@js@@@Z, _setDebugModeFromC@JSCompartment@@QAE_NPAUJSContext@@_N@Z, _setGCLastBytes@JSCompartment@@QAEXIW4JSGCInvocationKind@@@Z, _sharedNonNative@Shape@js@@2U12@A, _singleton@JSCrossCompartmentWrapper@@2V1@A, _singleton@JSWrapper@@2V1@A, _slotWidth@TypedArray@js@@SAHPAUJSObject@@@Z, _slowClass@ArrayBuffer@js@@2UClass@2@A, _slowClasses@TypedArray@js@@2PAUClass@2@A, _start@PerfMeasurement@JS@@QAEXXZ, _steal@JSAutoStructuredCloneBuffer@@QAEXPAPA_KPAI1@Z, _stop@PerfMeasurement@JS@@QAEXXZ, _swap@JSAutoEnterCompartment@@QAEXAAV1@@Z, _swap@JSAutoStructuredCloneBuffer@@QAEXAAV1@@Z, _sweep@JSCompartment@@QAEXPAUJSContext@@I@Z, _sweepBreakpoints@JSCompartment@@AAEXPAUJSContext@@@Z, _thisForCtor@JSCompartment@@AAEPAU1@XZ, _totalSize@JSScript@@QAEIXZ, _trace@JSCrossCompartmentWrapper@@UAEXPAUJSTracer@@PAUJSObject@@@Z, _trace@JSProxyHandler@js@@UAEXPAUJSTracer@@PAUJSObject@@@Z, _trace@JSWrapper@@UAEXPAUJSTracer@@PAUJSObject@@@Z, _traceMonitor@JSCompartment@@QBEPAUTraceMonitor@js@@XZ, _typeOf@JSProxyHandler@js@@UAE_AW4JSType@@PAUJSContext@@PAUJSObject@@@Z, _typeOf@JSWrapper@@UAE_AW4JSType@@PAUJSContext@@PAUJSObject@@@Z, _unwrap@JSObject@@QAEPAU1@PAI@Z, _updateForDebugMode@JSCompartment@@AAEXPAUJSContext@@@Z, _wrap@JSCompartment@@QAE_NPAUJSContext@@AAVAutoIdVector@js@@@Z, _wrap@JSCompartment@@QAE_NPAUJSContext@@PAP6AH0PAUJSObject@@HHPAVValue@js@@@Z@Z, _wrap@JSCompartment@@QAE_NPAUJSContext@@PAP6AH0PAUJSObject@@HPAVValue@js@@@Z@Z, _wrap@JSCompartment@@QAE_NPAUJSContext@@PAPAUJSObject@@@Z, _wrap@JSCompartment@@QAE_NPAUJSContext@@PAPAVJSString@@@Z, _wrap@JSCompartment@@QAE_NPAUJSContext@@PAUPropertyDescriptor@js@@@Z, _wrap@JSCompartment@@QAE_NPAUJSContext@@PAVValue@js@@@Z, _wrapId@JSCompartment@@QAE_NPAUJSContext@@PAH@Z, _wrappedObject@JSWrapper@@SAPAUJSObject@@PBU2@@Z, _wrapperHandler@JSWrapper@@SAPAV1@PBUJSObject@@@Z, _write@JSAutoStructuredCloneBuffer@@QAE_NPAUJSContext@@_KPBUJSStructuredCloneCallbacks@@PAX@Z, @JS_DHashTableOperate@12, JS_AddArgumentFormatter, JS_AddExternalStringFinalizer, JS_AddGCThingRoot, JS_AddNamedGCThingRoot, JS_AddNamedObjectRoot, JS_AddNamedStringRoot, JS_AddNamedValueRoot, JS_AddObjectRoot, JS_AddStringRoot, JS_AddValueRoot, JS_AlreadyHasOwnElement, JS_AlreadyHasOwnProperty, JS_AlreadyHasOwnPropertyById, JS_AlreadyHasOwnUCProperty, JS_AnchorPtr, JS_ArenaAllocate, JS_ArenaFinish, JS_ArenaGrow, JS_ArenaRealloc, JS_ArenaRelease, JS_ArenaShutDown, JS_Assert, JS_AtomKey, JS_BeginRequest, JS_BufferIsCompilableUnit, JS_CStringsAreUTF8, JS_CallFunction, JS_CallFunctionName, JS_CallFunctionValue, JS_CallTracer, JS_CeilingLog2, JS_CheckAccess, JS_ClearAllTrapsForCompartment, JS_ClearAllWatchPoints, JS_ClearContextDebugHooks, JS_ClearContextThread, JS_ClearInterrupt, JS_ClearPendingException, JS_ClearRegExpStatics, JS_ClearScope, JS_ClearScriptTraps, JS_ClearTrap, JS_ClearWatchPoint, JS_ClearWatchPointsForObject, JS_CloneFunctionObject, JS_CompareStrings, JS_CompareValues, JS_CompartmentGC, JS_CompileFile, JS_CompileFileHandle, JS_CompileFileHandleForPrincipals, JS_CompileFileHandleForPrincipalsVersion, JS_CompileFunction, JS_CompileFunctionForPrincipals, JS_CompileScript, JS_CompileScriptForPrincipals, JS_CompileScriptForPrincipalsVersion, JS_CompileUCFunction, JS_CompileUCFunctionForPrincipals, JS_CompileUCFunctionForPrincipalsVersion, JS_CompileUCScript, JS_CompileUCScriptForPrincipals, JS_CompileUCScriptForPrincipalsVersion, JS_ComputeThis, JS_ConcatStrings, JS_ConstructObject, JS_ConstructObjectWithArguments, JS_ContextIterator, JS_ConvertArguments, JS_ConvertArgumentsVA, JS_ConvertStub, JS_ConvertValue, JS_DHashAllocTable, JS_DHashClearEntryStub, JS_DHashFinalizeStub, JS_DHashFreeStringKey, JS_DHashFreeTable, JS_DHashGetStubOps, JS_DHashMatchEntryStub, JS_DHashMatchStringKey, JS_DHashMoveEntryStub, JS_DHashStringKey, JS_DHashTableDestroy, JS_DHashTableEnumerate, JS_DHashTableFinish, JS_DHashTableInit, JS_DHashTableRawRemove, JS_DHashTableSetAlphaBounds, JS_DHashVoidPtrKeyStub, JS_DecodeBytes, JS_DecodeUTF8, JS_DecompileFunction, JS_DecompileFunctionBody, JS_DecompileScript, JS_DecompileScriptObject, JS_DeepFreezeObject, JS_DefaultValue, JS_DefineConstDoubles, JS_DefineDebuggerObject, JS_DefineElement, JS_DefineFunction, JS_DefineFunctionById, JS_DefineFunctions, JS_DefineObject, JS_DefineOwnProperty, JS_DefineProfilingFunctions, JS_DefineProperties, JS_DefineProperty, JS_DefinePropertyById, JS_DefinePropertyWithTinyId, JS_DefineUCFunction, JS_DefineUCProperty, JS_DefineUCPropertyWithTinyId, JS_DeleteElement, JS_DeleteElement2, JS_DeleteProperty, JS_DeleteProperty2, JS_DeletePropertyById, JS_DeletePropertyById2, JS_DeleteUCProperty2, JS_DestroyContext, JS_DestroyContextMaybeGC, JS_DestroyContextNoGC, JS_DestroyIdArray, JS_DoubleIsInt32, JS_DoubleToInt32, JS_DoubleToUint32, JS_DropExceptionState, JS_DropPrincipals, JS_DumpBytecode, JS_DumpCompartmentBytecode, JS_DumpProfile, JS_EncodeCharacters, JS_EncodeString, JS_EncodeStringToBuffer, JS_EndPC, JS_EndRequest, JS_EnterCrossCompartmentCall, JS_EnterCrossCompartmentCallScript, JS_EnterCrossCompartmentCallStackFrame, JS_Enumerate, JS_EnumerateDiagnosticMemoryRegions, JS_EnumerateResolvedStandardClasses, JS_EnumerateStandardClasses, JS_EnumerateStub, JS_ErrorFromException, JS_EvaluateInStackFrame, JS_EvaluateScript, JS_EvaluateScriptForPrincipals, JS_EvaluateScriptForPrincipalsVersion, JS_EvaluateUCInStackFrame, JS_EvaluateUCScript, JS_EvaluateUCScriptForPrincipals, JS_EvaluateUCScriptForPrincipalsVersion, JS_ExecuteRegExp, JS_ExecuteRegExpNoStatics, JS_ExecuteScript, JS_ExecuteScriptVersion, JS_FileEscapedString, JS_FinalizeStub, JS_FindCompilationScope, JS_Finish, JS_FinishArenaPool, JS_FlatStringEqualsAscii, JS_FlattenString, JS_FloorLog2, JS_FlushCaches, JS_FrameIterator, JS_FreeArenaPool, JS_FreezeObject, JS_FunctionHasLocalNames, JS_GC, JS_GCInfoFront, JS_GCInfoPopFront, JS_GetAnonymousString, JS_GetArrayLength, JS_GetClass, JS_GetClassObject, JS_GetCompartmentPrivate, JS_GetConstructor, JS_GetContextPrivate, JS_GetContextThread, JS_GetCustomIteratorCount, JS_GetDebugMode, JS_GetE4XObjectsCreated, JS_GetElement, JS_GetEmptyString, JS_GetEmptyStringValue, JS_GetExternalStringClosure, JS_GetFlatStringChars, JS_GetFrameAnnotation, JS_GetFrameCallObject, JS_GetFrameCalleeObject, JS_GetFrameFunction, JS_GetFrameFunctionObject, JS_GetFrameObject, JS_GetFramePC, JS_GetFramePrincipalArray, JS_GetFrameReturnValue, JS_GetFrameScopeChain, JS_GetFrameScopeChainRaw, JS_GetFrameScript, JS_GetFrameThis, JS_GetFunctionArgumentCount, JS_GetFunctionArity, JS_GetFunctionFlags, JS_GetFunctionId, JS_GetFunctionLocalNameArray, JS_GetFunctionNative, JS_GetFunctionObject, JS_GetFunctionScript, JS_GetFunctionTotalSize, JS_GetGCInfoEnabled, JS_GetGCParameter, JS_GetGCParameterForThread, JS_GetGlobalDebugHooks, JS_GetGlobalForObject, JS_GetGlobalForScopeChain, JS_GetGlobalObject, JS_GetImplementationVersion, JS_GetInstancePrivate, JS_GetInternedStringChars, JS_GetInternedStringCharsAndLength, JS_GetLinePCs, JS_GetLocaleCallbacks, JS_GetMethod, JS_GetMethodById, JS_GetNaNValue, JS_GetNegativeInfinityValue, JS_GetObjectId, JS_GetObjectTotalSize, JS_GetOperationCallback, JS_GetOptions, JS_GetOwnPropertyDescriptor, JS_GetParent, JS_GetPendingException, JS_GetPositiveInfinityValue, JS_GetPrivate, JS_GetProperty, JS_GetPropertyAttributes, JS_GetPropertyAttrsGetterAndSetter, JS_GetPropertyAttrsGetterAndSetterById, JS_GetPropertyById, JS_GetPropertyByIdDefault, JS_GetPropertyDefault, JS_GetPropertyDesc, JS_GetPropertyDescArray, JS_GetPropertyDescriptorById, JS_GetPrototype, JS_GetRegExpFlags, JS_GetRegExpSource, JS_GetReservedSlot, JS_GetRuntime, JS_GetRuntimePrivate, JS_GetRuntimeSecurityCallbacks, JS_GetScopeChain, JS_GetScriptBaseLineNumber, JS_GetScriptFilename, JS_GetScriptFromObject, JS_GetScriptLineExtent, JS_GetScriptPrincipals, JS_GetScriptSourceMap, JS_GetScriptTotalSize, JS_GetScriptVersion, JS_GetScriptedCaller, JS_GetSecurityCallbacks, JS_GetStringCharsAndLength, JS_GetStringCharsZ, JS_GetStringCharsZAndLength, JS_GetStringEncodingLength, JS_GetStringLength, JS_GetTrapOpcode, JS_GetTypeName, JS_GetUCProperty, JS_GetUCPropertyAttributes, JS_GetUCPropertyAttrsGetterAndSetter, JS_GetValidFrameCalleeObject, JS_GetVersion, JS_HasElement, JS_HasInstance, JS_HasProperty, JS_HasPropertyById, JS_HasUCProperty, JS_HashString, JS_HashTableAdd, JS_HashTableDestroy, JS_HashTableDump, JS_HashTableEnumerateEntries, JS_HashTableLookup, JS_HashTableRawAdd, JS_HashTableRawLookup, JS_HashTableRawRemove, JS_HashTableRemove, JS_HoldPrincipals, JS_IdToValue, JS_Init, JS_InitArenaPool, JS_InitCTypesClass, JS_InitClass, JS_InitReflect, JS_InitStandardClasses, JS_InstanceOf, JS_InternJSString, JS_InternString, JS_InternUCString, JS_InternUCStringN, JS_IsAboutToBeFinalized, JS_IsArrayObject, JS_IsBuiltinEvalFunction, JS_IsBuiltinFunctionConstructor, JS_IsConstructorFrame, JS_IsDebuggerFrame, JS_IsExceptionPending, JS_IsExtensible, JS_IsExternalString, JS_IsGCMarkingTracer, JS_IsGlobalFrame, JS_IsInRequest, JS_IsNative, JS_IsRunning, JS_IsScriptFrame, JS_IsSystemObject, JS_LeaveCrossCompartmentCall, JS_LineNumberToPC, JS_LocalNameToAtom, JS_Lock, JS_LockGCThing, JS_LockGCThingRT, JS_LookupElement, JS_LookupProperty, JS_LookupPropertyById, JS_LookupPropertyWithFlags, JS_LookupPropertyWithFlagsById, JS_LookupUCProperty, JS_LooselyEqual, JS_MakeStringImmutable, JS_MakeSystemObject, JS_MapGCRoots, JS_MaybeGC, JS_New, JS_NewArrayObject, JS_NewCompartmentAndGlobalObject, JS_NewContext, JS_NewDHashTable, JS_NewDateObject, JS_NewDateObjectMsec, JS_NewDependentString, JS_NewExternalString, JS_NewExternalStringWithClosure, JS_NewFunction, JS_NewFunctionById, JS_NewGlobalObject, JS_NewGrowableString, JS_NewHashTable, JS_NewNumberValue, JS_NewObject, JS_NewObjectForConstructor, JS_NewObjectWithGivenProto, JS_NewPropertyIterator, JS_NewRegExpObject, JS_NewRegExpObjectNoStatics, JS_NewStringCopyN, JS_NewStringCopyZ, JS_NewUCRegExpObject, JS_NewUCRegExpObjectNoStatics, JS_NewUCString, JS_NewUCStringCopyN, JS_NewUCStringCopyZ, JS_NextProperty, JS_Now, JS_ObjectIsCallable, JS_ObjectIsDate, JS_ObjectIsFunction, JS_ObjectIsRegExp, JS_PCToLineNumber, JS_ParseJSON, JS_ParseJSONWithReviver, JS_PauseProfilers, JS_PropertyIterator, JS_PropertyStub, JS_PutEscapedFlatString, JS_PutEscapedString, JS_PutPropertyDescArray, JS_ReadBytes, JS_ReadStructuredClone, JS_ReadUint32Pair, JS_ReleaseFunctionLocalNameArray, JS_RemoveArgumentFormatter, JS_RemoveExternalStringFinalizer, JS_RemoveGCThingRoot, JS_RemoveObjectRoot, JS_RemoveStringRoot, JS_RemoveValueRoot, JS_ReportAllocationOverflow, JS_ReportError, JS_ReportErrorFlagsAndNumber, JS_ReportErrorFlagsAndNumberUC, JS_ReportErrorNumber, JS_ReportErrorNumberUC, JS_ReportOutOfMemory, JS_ReportPendingException, JS_ReportWarning, JS_ResolveStandardClass, JS_ResolveStub, JS_RestoreExceptionState, JS_RestoreFrameChain, JS_ResumeProfilers, JS_ResumeRequest, JS_SameValue, JS_SaveExceptionState, JS_SaveFrameChain, JS_SetArrayLength, JS_SetCStringsAreUTF8, JS_SetCTypesCallbacks, JS_SetCallHook, JS_SetCompartmentCallback, JS_SetCompartmentPrivate, JS_SetContextCallback, JS_SetContextDebugHooks, JS_SetContextPrivate, JS_SetContextSecurityCallbacks, JS_SetContextThread, JS_SetDebugErrorHook, JS_SetDebugMode, JS_SetDebugModeForCompartment, JS_SetDebuggerHandler, JS_SetDestroyScriptHookProc, JS_SetElement, JS_SetErrorReporter, JS_SetExecuteHook, JS_SetExtraGCRoots, JS_SetFrameAnnotation, JS_SetFrameReturnValue, JS_SetGCCallback, JS_SetGCCallbackRT, JS_SetGCInfoEnabled, JS_SetGCParameter, JS_SetGCParameterForThread, JS_SetGlobalObject, JS_SetInterrupt, JS_SetLocaleCallbacks, JS_SetNativeStackQuota, JS_SetNewScriptHookProc, JS_SetOperationCallback, JS_SetOptions, JS_SetParent, JS_SetPendingException, JS_SetPrivate, JS_SetProperty, JS_SetPropertyAttributes, JS_SetPropertyById, JS_SetProtoCalled, JS_SetPrototype, JS_SetRegExpInput, JS_SetReservedSlot, JS_SetRuntimeDebugMode, JS_SetRuntimePrivate, JS_SetRuntimeSecurityCallbacks, JS_SetSingleStepMode, JS_SetSourceHandler, JS_SetStructuredCloneCallbacks, JS_SetThreadStackLimit, JS_SetThrowHook, JS_SetTrap, JS_SetTrustedPrincipals, JS_SetUCProperty, JS_SetUCPropertyAttributes, JS_SetVersion, JS_SetWatchPoint, JS_SetWrapObjectCallbacks, JS_ShutDown, JS_StartProfiling, JS_StopProfiling, JS_StrictPropertyStub, JS_StrictlyEqual, JS_StringEqualsAscii, JS_StringHasBeenInterned, JS_StringToVersion, JS_Stringify, JS_StructuredClone, JS_SuspendRequest, JS_ThrowReportedError, JS_ThrowStopIteration, JS_ToggleOptions, JS_TraceChildren, JS_TraceRuntime, JS_TransplantObject, JS_TriggerAllOperationCallbacks, JS_TriggerOperationCallback, JS_TypeOfValue, JS_UndependString, JS_Unlock, JS_UnlockGCThing, JS_UnlockGCThingRT, JS_UnsafeGetLastProfilingError, JS_UnwrapObject, JS_ValueToBoolean, JS_ValueToConstructor, JS_ValueToECMAInt32, JS_ValueToECMAUint32, JS_ValueToFunction, JS_ValueToId, JS_ValueToInt32, JS_ValueToNumber, JS_ValueToObject, JS_ValueToSource, JS_ValueToString, JS_ValueToUint16, JS_VersionToString, JS_WrapObject, JS_WrapValue, JS_WriteBytes, JS_WriteStructuredClone, JS_WriteUint32Pair, JS_XDRBytes, JS_XDRCString, JS_XDRCStringOrNull, JS_XDRDestroy, JS_XDRDouble, JS_XDRFindClassById, JS_XDRFindClassIdByName, JS_XDRInitBase, JS_XDRMemDataLeft, JS_XDRMemGetData, JS_XDRMemResetData, JS_XDRMemSetData, JS_XDRNewMem, JS_XDRRegisterClass, JS_XDRScriptObject, JS_XDRString, JS_XDRStringOrNull, JS_XDRUint16, JS_XDRUint32, JS_XDRUint8, JS_XDRValue, JS_YieldRequest, JS_free, JS_malloc, JS_realloc, JS_smprintf, JS_smprintf_free, JS_snprintf, JS_sprintf_append, JS_strdup, JS_sxprintf, JS_updateMallocCounter, JS_vsmprintf, JS_vsnprintf, JS_vsprintf_append, JS_vsxprintf, js_AddGCThingRootRT, js_AddRootRT, js_GetSrcNoteOffset, js_InitProxyClass, js_ObjectToOuterObject, js_RemoveRoot, js_RevertVersion, js_SetSingleStepMode, js_SrcNoteLength, js_SrcNoteSpec, js_TransplantObjectWithWrapper
ExifTool:
file metadata
CodeSize: 1437696
EntryPoint: 0x15e4d0
FileSize: 1943 kB
FileType: Win32 DLL
ImageVersion: 0.0
InitializedDataSize: 544768
LinkerVersion: 8.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
PEType: PE32
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2011:11:05 02:55:40+01:00
UninitializedDataSize: 0

C:\Windows\System32\bcmwlrc.dll

Antivirus Version Last Update Result
AhnLab-V3 2011.12.03.00 2011.12.03 -
AntiVir 7.11.18.204 2011.12.02 -
Antiy-AVL 2.0.3.7 2011.12.03 -
Avast 6.0.1289.0 2011.12.03 -
AVG 10.0.0.1190 2011.12.03 -
BitDefender 7.2 2011.12.03 -
ByteHero 1.0.0.1 2011.11.29 -
ClamAV 0.97.3.0 2011.12.03 -
Commtouch 5.3.2.6 2011.12.03 -
Comodo 10827 2011.12.03 -
DrWeb 5.0.2.03300 2011.12.03 -
Emsisoft 5.1.0.11 2011.12.03 -
eSafe 7.0.17.0 2011.12.01 -
eTrust-Vet 37.0.9600 2011.12.02 -
F-Secure 9.0.16440.0 2011.12.03 -
Fortinet 4.3.388.0 2011.12.03 -
GData 22.295/22.549 2011.12.03 -
Jiangmin 13.0.900 2011.12.03 -
K7AntiVirus 9.119.5589 2011.12.03 -
Kaspersky 9.0.0.837 2011.12.03 -
McAfee 5.400.0.1158 2011.12.03 -
McAfee-GW-Edition 2010.1D 2011.12.03 -
Microsoft 1.7903 2011.12.03 -
NOD32 6668 2011.12.01 -
Norman 6.07.13 2011.12.03 -
nProtect 2011-12-03.01 2011.12.03 -
Panda 10.0.3.5 2011.12.03 -
PCTools 8.0.0.5 2011.12.03 -
Rising 23.86.04.02 2011.12.02 -
Sophos 4.71.0 2011.12.03 -
SUPERAntiSpyware 4.40.0.1006 2011.12.03 -
Symantec 20111.2.0.82 2011.12.03 -
TrendMicro-HouseCall 9.500.0.1008 2011.12.03 -
VBA32 3.12.16.4 2011.12.03 -
VIPRE 11197 2011.12.03 -
ViRobot 2011.12.3.4807 2011.12.03 -
VirusBuster 14.1.97.0 2011.12.02 -
Additional information
MD5 : 87388cc03fb0da28aaffbd71711b0ed6
SHA1 : 983004f6fc925aa6d52f9f0aaec4f83aeff7701b
SHA256: 76b420c55f2ae98daf03aaa3d591aa675ed97c683b18fc5cf776412daf9b140b
ssdeep: 96:TaQJ3b7I/S7PitSdU2t2KXCzq555rqxtK3X2+RqGCVthcE+:rb7I67PiIzxyOrdOtK3X2EqG
gf+
File size : 6656 bytes
First seen: 2009-10-23 11:27:20
Last seen : 2011-12-03 16:39:16
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1319
timedatestamp....: 0x489344E4 (Fri Aug 01 17:16:20 2008)
machinetype......: 0x14c (I386)

[[ 5 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x77C, 0x800, 5.87, 144d08d53c60379ca08b9acabdfdc905
.rdata, 0x2000, 0x506, 0x600, 4.25, c656a6f54f9e7e5279b89e4a98192a0b
.data, 0x3000, 0x35C, 0x200, 0.28, 38a465ab13e516ac4d90e19854e125b5
.rsrc, 0x4000, 0x2BC, 0x400, 4.89, 193991aba564030644c235cba396d65b
.reloc, 0x5000, 0x14C, 0x200, 3.80, f4a0829035d70828984b3b19a78b2a54

[[ 2 import(s) ]]
MSVCR80.dll: _lock, __dllonexit, _except_handler4_common, _unlock, __clean_type_info_names_internal, _crt_debugger_hook, __CppXcptFilter, _adjust_fdiv, _amsg_exit, _initterm_e, _initterm, _decode_pointer, free, _encoded_null, _malloc_crt, _onexit, _encode_pointer
KERNEL32.dll: GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, InterlockedCompareExchange, Sleep, InterlockedExchange, GetSystemTimeAsFileTime

All processes killed
========== OTL ==========
Error: No service named RichVideo) Cyberlink RichVideo Service(CRVS was found to stop!
Service\Driver key RichVideo) Cyberlink RichVideo Service(CRVS not found.
File File not found not found.
File HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051 not found.
C:\USERS\VINCENZO\APPDATA\ROAMING\5051\components folder moved successfully.
C:\USERS\VINCENZO\APPDATA\ROAMING\5051 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Folder C:\Users\Vincenzo\AppData\Roaming\5051\ not found.
C:\Users\Vincenzo\AppData\Local\PDF24\Favorites folder moved successfully.
C:\Users\Vincenzo\AppData\Local\PDF24\Archive folder moved successfully.
C:\Users\Vincenzo\AppData\Local\PDF24 folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5050\components folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5050 folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5049\components folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\5049 folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\xmldm folder moved successfully.
C:\Users\Vincenzo\AppData\Roaming\kock folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Vincenzo
->Temp folder emptied: 2008 bytes
->Temporary Internet Files folder emptied: 15288305 bytes
->Java cache emptied: 12285286 bytes
->FireFox cache emptied: 204189559 bytes
->Flash cache emptied: 3578 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3987228 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 225,00 mb



[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Vincenzo
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 12032011_175531

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Hi,

bitte noch mal zur Sicherheit ein neues OLT-Log...

chirs

OTL Logfile:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 03.12.2011 23:25:19 - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Vincenzo\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,62% Memory free
5,99 Gb Paging File | 4,42 Gb Available in Paging File | 73,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 338,36 Gb Free Space | 72,66% Space Free | Partition Type: NTFS
 
Computer Name: VINCENZO-PC | User Name: Vincenzo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Vincenzo\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Programme\Windows Live\Mail\wlmail.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - c:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
PRC - c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
PRC - c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\PPKLITE.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\EScript.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\pddom.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\DigSig.DEU ()
MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\plug_ins\Acroform.DEU ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Programme\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) --  File not found
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (NAUpdate) -- C:\Program Files\Nero\Update\NASvc.exe (Nero AG)
SRV - (STacSV) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\stacsv.exe (IDT, Inc.)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (OpenVPNService) -- C:\Programme\OpenVPN\bin\openvpnserv.exe ()
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AESTFilters) -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_x86_neutral_9691412ff1876250\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (LcSvrAdm) -- c:\ElsaWin\bin\LcSvrAdm.exe (Volkswagen AG)
SRV - (LcSvrHis) -- c:\ElsaWin\bin\LcSvrHis.exe (Volkswagen AG)
SRV - (LcSvrSaz) -- c:\ElsaWin\bin\LcSvrSaz.exe (Volkswagen AG)
SRV - (LcSvrAuf) -- c:\ElsaWin\bin\LcSvrAuf.exe (Volkswagen AG)
SRV - (LcSvrPAS) -- c:\ElsaWin\bin\LcSvrPas.exe (Volkswagen AG)
SRV - (LcSvrDba) -- c:\ElsaWin\bin\LcSvrDba.exe (Volkswagen AG)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WINUSB) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Plc)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (NETw5s32) Intel(R) -- C:\Windows\System32\drivers\NETw5s32.sys (Intel Corporation)
DRV - (tap0901) -- C:\Windows\System32\drivers\tap0901.sys (The OpenVPN Project)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (hpdskflt) -- C:\Windows\system32\DRIVERS\hpdskflt.sys (Hewlett-Packard)
DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard)
DRV - (iscFlash) -- C:\swsetup\sp45138\iscflash.sys (Insyde Software)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (LUMDriver) -- C:\Windows\System32\drivers\LUMDriver.sys (IBM)
DRV - (PVUSB) -- C:\Windows\System32\drivers\CESG502.sys (Hitachi Semiconductor and Devices Sales Co.,Ltd.)
DRV - (ssm_bus) SAMSUNG Mobile USB Device II 1.0 driver (WDM) -- C:\Windows\System32\drivers\ssm_bus.sys (MCCI)
DRV - (ssm_mdm) -- C:\Windows\System32\drivers\ssm_mdm.sys (MCCI)
DRV - (ssm_mdfl) -- C:\Windows\System32\drivers\ssm_mdfl.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 77 EB E3 D1 AA CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
 
========== FireFox ==========
 
FF - prefs.js..network.proxy.no_proxies_on: "local"
FF - prefs.js..network.proxy.type: 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.775: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.775: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.16: C:\Program Files\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.3: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.05.16 20:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.05.16 20:22:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.30 14:16:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.30 14:16:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.10.09 16:11:07 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\Vincenzo\AppData\Roaming\5051
 
[2011.09.16 16:31:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions
[2009.12.21 21:10:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.09.28 19:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Vincenzo\AppData\Roaming\mozilla\Firefox\Profiles\0sn3yrha.default\extensions
[2011.11.12 18:17:31 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\VINCENZO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0SN3YRHA.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.11.11 20:04:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.09.15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009.12.21 06:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2011.10.06 20:01:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.06 20:01:34 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.06 20:01:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.06 20:01:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.06 20:01:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.06 20:01:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Programme\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - Startup: C:\Users\Vincenzo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Vincenzo\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office XP\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos Web Intelligence\swi_lsp.dll (Sophos Plc)
O13 - gopher Prefix: missing
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6254A1D2-3EED-44D2-9F3C-21F2525BB591}: DhcpNameServer = 134.108.34.5 134.108.34.6
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6A8C7BF2-C42F-4BD7-852F-7AC3AD549007}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\vw-wi {0F3C833F-FB28-40EA-8CB9-6A55B996C3F6} - c:\ElsaWin\bin\wiprot.dll (TODO: <Company name>)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) -C:\Windows\System32\acaptuser32.dll (Adobe Systems Incorporated)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) -C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell - "" = AutoRun
O33 - MountPoints2\{625edd1c-ff76-11df-9d92-001e68f7211d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.03 17:55:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.02 16:53:05 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
[2011.12.01 20:54:51 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Roaming\Malwarebytes
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.01 20:54:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.01 20:54:35 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.12.01 20:54:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.12.01 13:03:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.01 13:03:11 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.01 12:42:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}
[2011.12.01 12:42:05 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\PackageAware
[2011.11.24 12:33:42 | 001,566,512 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Vincenzo\Desktop\TDSSKiller.exe
[2011.11.17 22:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.11.17 18:41:25 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\Desktop\A_Klasse
[2011.11.16 20:25:24 | 000,000,000 | ---D | C] -- C:\Users\Vincenzo\AppData\Local\Axialis
[2011.11.09 17:34:03 | 002,341,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.12.20 00:27:03 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2009.12.20 00:27:03 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2009.12.20 00:27:03 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2009.12.20 00:27:03 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2009.12.20 00:27:03 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.03 23:24:12 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.12.03 23:24:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.03 18:05:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 18:05:35 | 000,013,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.03 17:59:07 | 000,000,987 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2011.12.03 17:58:11 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.12.03 17:57:32 | 2413,719,552 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.02 17:03:08 | 001,547,774 | ---- | M] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip
[2011.12.02 16:53:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Vincenzo\Desktop\OTL.exe
[2011.12.01 22:53:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.01 19:34:02 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vincenzo.job
[2011.12.01 13:16:01 | 003,690,976 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.12.01 13:12:04 | 000,000,036 | ---- | M] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res
[2011.12.01 13:03:12 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.27 10:03:59 | 000,664,634 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.27 10:03:59 | 000,624,776 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.27 10:03:59 | 000,134,770 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.27 10:03:59 | 000,110,414 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.24 12:33:42 | 001,566,512 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Vincenzo\Desktop\TDSSKiller.exe
[2011.11.21 12:27:13 | 000,579,494 | ---- | M] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf
[2011.11.15 20:50:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011.11.13 19:20:47 | 000,620,234 | ---- | M] () -- C:\Users\Vincenzo\SHARK.INI
[2011.11.08 16:17:05 | 006,028,664 | ---- | M] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf
[1 C:\Users\Vincenzo\AppData\Roaming\*.tmp files -> C:\Users\Vincenzo\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.12.02 17:02:52 | 001,547,774 | ---- | C] () -- C:\Users\Vincenzo\Desktop\tdsskiller.zip
[2011.12.01 22:53:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.01 13:03:12 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.11.28 15:15:08 | 000,000,036 | ---- | C] () -- C:\Users\Vincenzo\AppData\Roaming\blckdom.res
[2011.11.21 12:27:13 | 000,579,494 | ---- | C] () -- C:\Users\Vincenzo\Desktop\Deutschland testet.pdf
[2011.11.08 16:17:04 | 006,028,664 | ---- | C] () -- C:\Users\Vincenzo\Desktop\GT-I9100_UM_Open_Ger_D04_110501-1.pdf
[2011.10.09 16:07:42 | 000,180,988 | ---- | C] () -- C:\Windows\hpoins13.dat.temp
[2011.10.09 16:07:42 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat.temp
[2011.05.18 17:58:10 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.04.17 20:34:45 | 000,007,602 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\Resmon.ResmonCfg
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011.03.05 18:34:42 | 000,000,056 | ---- | C] () -- C:\Windows\Acroread.ini
[2011.01.10 13:25:34 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.11.30 14:13:23 | 000,000,616 | ---- | C] () -- C:\Windows\System32\NTS5CSET.INI
[2010.06.15 16:16:35 | 000,000,928 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.01.14 16:54:23 | 000,000,096 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\fusioncache.dat
[2009.12.24 22:11:33 | 000,005,120 | ---- | C] () -- C:\Users\Vincenzo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.24 21:34:53 | 002,729,472 | ---- | C] () -- C:\Windows\System32\fun_avcodec.dll
[2009.12.24 20:19:39 | 000,181,013 | ---- | C] () -- C:\Windows\hpoins13.dat
[2009.12.24 20:19:39 | 000,000,457 | ---- | C] () -- C:\Windows\hpomdl13.dat
[2009.12.20 00:26:20 | 000,000,987 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2009.12.19 23:50:49 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2009.08.03 00:21:54 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2009.08.03 00:21:54 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2009.08.03 00:21:52 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2009.07.14 09:47:43 | 000,664,634 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.14 09:47:43 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.14 09:47:43 | 000,134,770 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.14 09:47:43 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 003,690,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,624,776 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,110,414 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >
         

--- --- ---

Hi,

gefällt mir noch nicht ganz...

Lade SystemLook von einem der folgenden Links und speichere das Tool auf dem Desktop.
http://jpshortstuff.247fixes.com/SystemLook.exe - http://images.malwareremoval.com/jps...SystemLook.exe

• Doppelklick auf die SystemLook.exe, um das Tool zu starten.

• Vista-User/Win7 mit Rechtsklick und als Administrator starten.

• Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:

Code: Alles auswählenAufklappen

ATTFilter

:filefind
chrome.manifest
install.rdf

:regfind
184AA5E6-741D-464a-820E-94B3ABC2F3B4
         

• Klicke nun auf den Button Look, um den Scan zu starten.

Wenn der Suchlauf beendet ist, wird sich Dein Editor mit den Ergebnissen öffnen, diese hier in den Thread posten.
Die Ergebnisse werden auf dem Desktop als SystemLook.txt gespeichert.

Kennst Du diesen JOB?
[2011.12.01 19:34:02 | 000,000,480 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Vincenzo.job

chris

Ich hab jetzt noch ein kleines Problem mit Firefox. Wenn ich meinen Rechner hochfahre und anschließend Firefox starte, dann hängt sich der Rechner komplett auf, sodass nur noch ein ausschalten per Startknopf hilft.

Kann es an der Prozedur liegen, die wir bis jetzt gemacht haben??

Hi,

hast du den CCleaner laufen lassen?

Wäre möglich, bitte wie folgt vorgehen:

Firefox komplett inklusive aller Erweiterungen und Einstellungen deinstallieren Firefox deinstallieren | Anleitung | Firefox-Hilfe.

Vorher ggf. die Links sichern über: Bookmarks(Lesezeichen)->Show All Bookmarks (Alle anzeigen)->Import/Export.

Neu booten und die neuste Version Webbrowser Firefox auf Deutsch | Schneller, sicherer und anpassbar installieren...

Lesezeichen wieder importieren...

Gruß,
chris